Wireless access control system and related methods

ABSTRACT

A wireless access control system includes a remote access device. A plugin device communicates with the remote access device. A lock controls the ability to lock and unlock a door in which the lock is disposed. The lock is in communication with the plugin device. The plugin device determines a distance between the remote access device and the lock and causes the lock to communicate with the remote access device when the remote access device is at a distance less than or equal to a predetermined distance from the lock to enable the lock to be unlocked.

CROSS REFERENCE TO RELATED APPLICATION(S)

This application is a Continuation-In-Part of copending U.S. patentapplication Ser. No. 13/415,365, filed on Mar. 8, 2012, which claims thebenefit of Provisional Patent Application No. 61/453,737, filed Mar. 17,2011, in its entirety and is hereby incorporated by reference.

FIELD OF THE INVENTION

The present invention generally relates to access control systems, andmore particularly, to passive keyless entry control systems.

BACKGROUND

A passive keyless entry (PKE) system offers an increased level ofconvenience over a standard lock and key, for example, by providing theability to access a secure building or device without having to find,insert, and turn a traditional key. A user may simply approach a lockedPKE lock and with little if any pause or interaction, the lock grantsthis user access if they are carrying an authorized token.

A PKE system is currently used in an automotive application and mayoffer increased convenience by identifying drivers and unlocking the caras they approach. Automotive access is traditionally given by insertinga key into the lock or by pushing buttons on a traditional remotekeyless entry (RKE) system. In contrast, a PKE system grants access withreduced user interaction through the use of a token carried by thedriver.

Several technical challenges have been encountered during theengineering of a radio frequency (RF) PKE system, for example, for usein a residential lock. The desired basic perceived behavior of the PKEsystem in a residential application may be as follows: 1) the userapproaches and touches the lock; 2) the lock authenticates the user witha reduced delay; 3) the lock unlocks; 4) the lock may not operate if theauthorized user is outside a desired range and the lock is touched byanother, unauthorized, user; 5) the lock may not operate if theauthorized user is on the inside of the house, and the lock is touchedon the outside by an unauthorized user; and 6) when an authorized userrevokes a key from another user or a remote access device needs to bereplaced, it may be revoked and confirmed within a few seconds.

Indeed, as will be appreciated by those skilled in the art, with respectto the above desired basic perceived behavior of the PKE system in aresidential application, primary challenges to be addressed includeitems 2 (speed), 4 (distance), 5 (location), and 6 (timely revocation).Accordingly, it may be desirable to improve authentication speed,proximity measurement, and power consumption, for example.

SUMMARY OF THE INVENTION

A wireless access control system includes a remote access device foraccessing a lock. The lock contains a controller for controlling theability to lock and unlock a door in which the lock is disposed. Thelock communicates with the remote access device when the remote accessdevice is at a distance less than or equal to a predetermined distancefrom the lock to enable the lock to be unlocked by the remote accessdevice. The lock includes a visual indicator for indicating to a userone of: 1) the user is within a range to control the lock; 2) error inoperation; 3) a locked condition; or 4) a software upgrade.

In another embodiment, the wireless access control system includes aserver, the server storing information about the remote access deviceand controller information. The server determines whether a new uniqueremote access device identifier is to be added to the system containinga particular lock. Once the server confirms that a new unique remoteaccess device identifier is to be associated with the controller, theserver maps the new unique remote access device identifier with thecontroller and archives any former unique remote access deviceidentifier which is no longer to be associated with the controller. Whenthe remote access device is within a local area connection range, theremote access device pairs with the controller and transfers control bythe user to the new device having the new unique remote access deviceidentifier.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram of a wireless access system according tothe present invention;

FIG. 2 a is a perspective view of a lock constructed in accordance withthe invention;

FIG. 2 b is a perspective view of a lock constructed in accordance withanother embodiment of the invention;

FIG. 3 a is a top plan view of a remote access device constructed inaccordance with the invention as a key;

FIG. 3 b is a front plan view of a remote access device constructed inaccordance with yet another embodiment of the invention as anapplication for a cell phone;

FIG. 4 is a front plan view of a home-connect plugin of the wirelessaccess system constructed in accordance with the invention;

FIG. 5 is a schematic diagram of the communication between thecomponents of the wireless access system in a typical residential systemlayout in accordance with the invention; and

FIG. 6 is a flow chart of operation of the wireless access system inaccordance with the invention.

FIG. 7 is a schematic diagram of the communication between thecomponents of the wireless access devices in accordance with anotherembodiment of the invention having an outwardly facing antenna, and aninwardly facing antenna;

FIG. 8 is a perspective view of a lock containing a visual conditionindicator constructed in accordance with the invention;

FIG. 9 is a perspective view of a lock with a visual condition indicatorconstructed in accordance with another embodiment of the invention;

FIG. 10 is a perspective view of a lock with a visual conditionindicator constructed in accordance with another embodiment of theinvention;

FIG. 11 is a perspective view of a lock with a visual conditionindicator constructed in accordance with another embodiment of theinvention;

FIGS. 12 a-d are a flow chart showing a method for replacing one remoteaccess device with another in accordance with the invention; and

FIG. 13 is a flow chart for operation of the inwardly facing antenna andoutwardly facing antenna in accordance with the invention.

DETAILED DESCRIPTION OF THE INVENTION

The present description is made with reference to the accompanyingdrawings, in which various embodiments are shown. However, manydifferent embodiments may be used, and thus the description should notbe construed as limited to the embodiments set forth herein. Rather,these embodiments are provided so that this disclosure will be thoroughand complete. Like numbers refer to like elements throughout, and primenotation is used to indicate similar elements or steps in alternativeembodiments.

Referring to FIGS. 1, 2 a, and 2 b, a wireless access system 10, forexample, a PKE system, includes a lock 11. The lock 11 may be installedin a standard deadbolt hole and may be battery powered, for example. Thelock 11 may be a human controlled (keyed) lock, for example (FIG. 2 a).The lock 11 includes an outer cylinder 12 that rotates freely around astandard key cylinder 13. When engaged, the cylinder 13 is linked to adeadbolt 14, thus giving the user control to extend or retract thedeadbolt utilizing their key. The lock 11 includes a controller 21 orprocessor and wireless communication circuitry 22 for wirelesscommunication which as will be discussed below, enable remote accessdevice 15 to operate lock 11.

Alternatively, in another embodiment, the lock 11′ may be motor powered(FIG. 2 b). When a user is in sufficiently close vicinity or touchesanywhere on the lock 11′, the deadbolt 14′ is driven by the motor (notshown) to open the lock for authorized users having the remote accessdevice 15. Of course, the lock 11 may be another type of lock or lockingmechanism and may be installed in any access point, for example.

Referring now additionally to FIG. 3, the wireless access system 10includes a remote access device 15. The remote access device 15 isadvantageously a key or token configured to control the lock 11. Inparticular, the remote access device 15 may be a standard key includinga remote controller 16 for controlling lock 11 and remote wirelessaccess electronics coupled thereto (FIG. 3 a). Remote access device 15also includes wireless communication circuitry 18 for sending andreceiving signals. In a preferred non-limiting example, the signal is aBluetooth signal.

Alternatively, or additionally, the remote access device 15 may be amobile wireless communications device, such as, for example, a mobiletelephone that may include the remote wireless access electronicsdescribed above cooperating with an application 17′ stored in memory 17(FIG. 3 b). The application 17′ may be configured to send a signal toprovide access and control over the lock 11′, for example. Of course,more than one remote access device 15′ may be used and may be anothertype of remote access wireless device, for example, a wireless FOBwithout the mechanical key, as will be appreciated by those skilled inthe art.

Referring now additionally to FIG. 4, the wireless access system 10 alsoincludes a home-connect plugin 30. A typical mains power outlet 31 isshown, with the home-connect plugin 30 plugged-into it. The home-connectplugin 30 includes a home-connect controller 32 and associated wirelesscommunication circuitry 33 cooperating therewith and configured tocommunicate with the lock 11, and the remote access device 15.

The home-connect plugin 30 may also be part of a wireless local areanetwork (WEAN) connectivity, for example, Wi-Fi connectivity, to link itto an off-site web-based server 34, for example. This advantageouslyenables the lock 11 to receive near real time updates for adding orremoving users, one-time access, extended access or specific timedaccess, and other connectivity related updates and functions, as will beappreciated by those skilled in the art. Additional services may beselectively provided via the Internet using the WLAN connectivityprovided by server 34, for example. While the home-connect plugin 30 isdescribed herein as a plugin device, it will be appreciated by thoseskilled in the art that the functionality of the home-connect plugin 30may be embodied in any of a number of form factors, for example.

Referring now additionally to FIG. 5, a typical residential setupexample of the wireless access system 10 is illustrated. As describedabove with respect to FIG. 4, the home-connect plugin 30 is typicallyplugged-in to the mains power outlet 31, at a location in relativelyclose proximity, sufficient to communicate therewith, to the lock 11,which may be installed on the front door, for example. The remote accessdevice 15 approaches from the outside of the home. Both the home-connectplugin 30 and lock 11 are configured to communicate with the remoteaccess device 15 independently or simultaneously, as will be describedbelow and appreciated by those skilled in the art.

The home-connect plugin 30 may be configured to approximately determinethe position of the remote access device 15. In a preferred non-limitingembodiment, the home-connect plugin 30 periodically sends a signal tocommunicate with a remote access device 15. When remote access device 15is within range to receive the signal, remote access device 15 outputs areturn signal to home-connect plugin 30. Lock 11 may also receive thesignal from remote access device 15. By determining a received signalstrength indication (RSSI). For example, when an algorithm of thehome-connect plugin 30 determines that the remote access device 15 isapproaching and is within a defined range.

In one non-limiting exemplary embodiment, lock 11 is in a hibernation orlow power level state. Upon determining that the remote access device iswithin a predetermined distance, the home-connect plugin may send awakeup signal to the lock 11. In this way, home-connect plugin 30 may beconfigured to have an extended range capability, for example, 100 ormore meters. The lock 11 has a smaller range, for example, of about 10meters, but may be greater in some cases. Therefore, the home-connectplugin 30 may communicate with the remote access device 15 before thelock 11. Thus, the home-connect plugin 30 may send a signal to the lock11 to wake up and start communicating with the remote access device 15to save battery life, for example. By causing remote access device 15and lock 11 to communicate only in response to a signal fromhome-connect plugin 30, the battery life of lock 11 and remote accessdevice can be extended.

Additionally, the home-connect plugin 30 may establish a communicationlink with the remote access device 15 in advance, for example, thusincreasing the speed of the authentication process to create little ifany perceived delay for the user. Once the lock 11 is woken up by thehome-connect plugin 30 and connected to the remote access device 15,both the home-connect plugin and the lock track the RSSI of the remoteaccess device until the algorithm determines it is within a definedaccessible range from lock 11. Both the home-connect plugin 30 and thelock 11 gathering RSSI data together may utilize this data in analgorithm to determine the position of the remote access device 15 withgreater accuracy than either the home-connect plugin 30 or lock 11alone. Once the remote access device 15 is within the determinedaccessible distance, the home-connect plugin 30 grants remote accessdevice 15 access control to the lock 11. More than one home-connectplugin 30 may be used in some embodiments for more accurate positiondetermining, and to increase authorized user capacity and overall speedof the wireless access system 10,

Operation of the wireless access system 10 will now be described withreference additionally to the flowchart in FIG. 6. The lock 11, mayinitially be in a sleep mode to conserve battery power, for example. Thehome-connect plugin 30 is typically powered on and searching forauthorized remote access devices 15, i.e. token(s), the standard key,and/or the mobile wireless communications device, in range in a step100. In one preferred non-limiting embodiment, authorization isestablished by syncing the Bluetooth identifier of remote access devices15 and home-connect plugin 30 as known in the art. The home-connectplugin 30 establishes an asynchronous communication link, (ACL)connection. In this way the system is self authorizing at it onlyrecognizes components with which it has established a connection.

The authorized remote access device 15 enters the home-connect plugin 30broadcast range in a step 102. Once the home-connect plugin 30 finds anauthorized remote access device 15 in range, it establishes connectionin a step 104 and begins to monitor the RSSI of the return signal fromremote access device 15 to estimate its position.

In a step 106, it is determined whether remote access device 15 remainsin range of the home-connect plugin 30 if not the process returns tostep 100 to begin again. If yes, then home-connect plugin 30 calculateswhether remote access device 15 is approaching and whether it enters thelock wake-up range in step 108. If not, step 106 is repeated. Once thehome-connect plugin 30 estimates that the remote access device 15 hasentered the defined wake-up range in a step 108, it sends a wake-up andconnection signal to the lock 11 in a step 110.

In a step 112 it is determined whether lock 11 wakes up and sendsconfirmation to home-connect plugin 30. If not, the wake-up signal isrepeated in step 110. Once the lock 11 wakes up, it also establishes alow level connection with the remote access device 15 in a step 114, andbegins to monitor the RSSI of the remote access device 15 or devices ifthere are more than one. Both the home-connect plugin 30 and the lock 11are monitoring RSSI to more accurately determine the position of theremote access device 15 in a step 118. This computing may be performedby a processor or controller 32 included within the home-connect plugin30, the controller 21 within lock 11, or both. The home-connect plugin30 and the lock 11 determine whether the remote access device is withinthe determined accessible distance in step 116. It is determined whetherthe home-connect plugin 30 and lock 11 calculate the remote accessdevice 15 is within the control range. If not, the determination isagain made in step 116; if yes, then the user is granted authorizationto the lock 11, and the deadbolt 14 becomes controllable in a step 120,either extending or retracting per the user's action.

If the remote access device 15 is not within the wake-up range of lock11, then lock 11 goes back to sleep or a low power mode, in a step 122.

Additional and/or alternative functions of the wireless access system 10will now be described. Reference is now made to FIGS. 8-11 wherein alock constructed and operated in accordance with another embodiment ofthe invention is provided. Like numbers are utilized to indicate likestructure. The primary difference in this embodiment being the inclusionof the visual indicator at an easily and readily seen position on thelock to indicate a system condition to the user as they approach thelock.

As seen in FIG. 8 a deadbolt lock 211 includes a visual indicator 216.In a preferred but non-limiting embodiment, visual indicator 216 is aselectively controllable light in the form of a circle having a diametersubstantially equal to the diameter of the cylinder of deadbolt lock211. In a preferred embodiment, visual indicator 216 is a light emittingdiode (LED) formed as a circular light pipe. In a preferred butnon-limiting embodiment, visual indicator 216 is capable of indicatingtwo or more visual conditions such as two or more colors, static versusflashing, in illuminate or non-illuminate, in order to indicate at leasttwo distinct conditions.

Visual indicator 216 may be controlled by either one of onboardcontroller 21 or home-connect plugin controller 32. In a preferredembodiment, controller 21 which controls lock 211 is in communicationwith and controls audiovisual indicator 216.

In this way, when lock 211 determines that the remote access device iswithin a determined accessible distance such as in step 116 above, thestate of audiovisual indicator 216 is changed either from dormant toilluminated, from a first color such as red indicating locked, to asecond color such as green indicating open, or from a static state colorto a flashing illumination. What is required is a change incondition/state of the illuminating device in response to a recognitionthat the remote access device is within a predetermined distance toallow control of the lock 211.

Positioning a visual indicator 216 at the circumference of the face ofthe lock 211 is given by way of example only, as shown in FIG. 9. Visualindicator 216′ may merely encircle the actual key hole for the lock asseen in FIG. 10. In a doorknob spring lock embodiment, a doorknob 211′includes visual indicator 216′ which surrounds the key hole. Lastly, ina lever embodiment 211″ as shown in FIG. 11, having a handle 220 alsoincludes a visual indicator 216′ surrounding the key hole.

Furthermore, visual indicator 216 may indicate that a lock is in alock/unlock state, is accessible to be opened utilizing touch sensor 26,as described above, but may also be used to indicate an error inoperation utilizing a third type of visual indicator (color yellowflashing at a different rate), that lock 211 is capable of beingprogrammed or is in the process of being programmed. Differentindicators as expressed by visual indicator 216 may even indicatedifferent steps in a lock or unlocking process, or as confirmation ofthe completion of different steps during a programming process.

In addition to informing the user that they are in the control range,visual indicator 216 can change its indicating state by a single touchsensed at touch sensor 26. By way of example, the user touches lock 211at a position 215 or 219 to unlock lock 211 and visual indicator 216turns green. The user may again touch lock 211 to lock lock 211 andchanging the state exhibited by audiovisual indicator 216 from green tored.

In another embodiment, with respect to an independent function, plugin30 may notify lock 10 at a low energy level that the home-connect plugin30 has lost power, the lock 11 may be configured to have a change ofstatus to wake up in the absence of the signals from plugin device 30,or to be woken up by a user's touch and approximately determine theposition of the user by itself, as well as authenticate the user in amanner similar to that described in connection with plugin device 30. Inanother embodiment, plugin 30 continuously pings lock 10 at a low energylevel and if plugin 30 goes offline, lock 11 may be configured to have achange of status to wake up in the absence of the signals from plugindevice 30, or to be woken up by a user's touch and approximatelydetermine the position of the user by itself, as well as authenticatethe user in a manner similar to that described in connection with plugindevice 30. In an embodiment in which the remote access device is a smartphone, tablet, or similar device, home-connect plugin 30 may alsorequest the user to verify their access control request by promptingthem for an action or code on their remote access device 15′, forexample, via a display on their mobile wireless communications device.

The wireless access system 10 may include a calibration feature. Moreparticularly, a connection between the home-connect plugin 30 and thelock 11 may be used by the algorithm to calibrate the RSSI input toadjust for changes in environmental conditions, for example. In one nonlimiting example, plugin device 30 determines RSSI values for remoteaccess device 15 over a number of distinct communications. It thendetermines a maximum average in range value in which communicationbetween plugin device 30 and remote access device 15 occurs and aminimum average in range value at value in which communication betweenplugin device 30 and remote access device 15 occurs. In this way, thedistances at which plugin 30 begins communicating with remote accessdevice 15 self adjusts as a function of local conditions.

The wireless access system 10 may include an additional positioninginput feature. The remote access device 15 may have an accelerometerwhich can be utilized to determine the orientation of the remote accessdevice 15, which can be transmitted to system 10, for example byBluetooth low energy. This orientation information can be utilized inconjunction with the received signal strength to better determine theremote access device 15 position. This is useful as received signalstrength can vary based on orientation even if the position of thedevice 15 does not change.

In a process to revoke a key where the key is a smart phone, tablet orthe like, once a user decides to revoke a key code, the user may send atermination request to home-connect plugin 30 or to the remote accessdevice key 15′ being revoked. If there is no response, the request isbroadcast to users, for example, all users, in the “approved” network(i.e. users enrolled in the same lock). The request is stored in thebackground on their respective keys. Then when any authorized user is inrange of the lock 11, the key code is revoked from the lock, denyingaccess to the revoked user.

The wireless access system 10 may also include a computing device 25,for example, a personal computer at the user's residence for use in therevocation process. The computing device 25 may include circuitry forwirelessly communicating with the home-connect plugin 30, remote accessdevice 15, and/or lock 11 for revoking the permission. For example, thecomputing device 25 may include Bluetooth communications circuitry, forexample. Other devices and communications protocols may be used in therevocation process.

While the wireless access system 10 is described herein with respect toa door, the wireless access system may be used for access control orprotection of, but not limited to, appliances, heavy machinery, factoryequipment, power tools, pad locks, real estate lock-boxes, garage dooropeners, etc., for example. Alternative remote access device 15embodiments may include a pen, watch, jewelry, headset, PDA, laptop,etc., for example. The wireless access system 10 may be used to protectother devices or areas where it may be desired to restrict access.

With respect to power conservation and increased security methods forthe remote access device 15, and more particularly, a mobile wirelesscommunications device 15′, for example, that may include the remoteaccess application and a global positioning system (GPS) receiver 23,the GPS receiver may be used to track the location relative to thelock's position and enable communication by remote access device 15 onlywhen within range. If the remote access device 15, i.e. mobile wirelesscommunications device 15′ is outside the range, as determined by the GPSreceiver 23, it may not transmit, go into sleep mode or turn off.Additionally, or alternatively, the location of the mobile wirelesscommunication device 15′ may be determined via triangulation withwireless service provider base stations or towers, for example.

Alternatively, or additionally, the remote access device 15 or mobilewireless communications device 15′ may wake up, determine a position,calculate a fastest time a user could be within range of the lock 11,then wake up again at that time and recalculate. When the user is withinthe range, it may enable the remote access application 17, and, thuscommunication for authentication or other purposes.

The wireless access system 10 may be used to augment multi-factorauthentication, e.g. use with a biometric identifier, personalidentification number (PIN) code, key card, etc. The wireless accesssystem 10 may also allow simultaneous multiple authentication of remoteaccess device, for example, mobile wireless communications devices. Moreparticularly, the wireless access system 10 may require a thresholdnumber of authorized remote access devices 15 to be present at a sametime for authentication to succeed.

The wireless access system 10 advantageously may provide increasedsecurity, for example. More particularly, the wireless access system 10may force the user to authenticate in addition to authorization, via theremote access device 15 before the door can be opened. For example, theremote access device 15 may include an authentication device 24 forauthentication via a biometric, password, PIN, shake pattern,connect-the-dots, or combination thereof, for example, prior toaccessing the lock 11. In the case of the remote access application 17on a mobile wireless communications device, for example, the applicationmay have multiple security levels to enable these features, as will beappreciated by those skilled in the art.

With respect to security features, by using proximity sensors, switches,or the like, the wireless access system 10 may indicate whether a userlocked the door, for example. When a user locks the door, for example,the remote access application 17 may log “Lock” with a time stamp sothat it may be tracked and checked on the remote access device 15, i.e.the mobile wireless communications device, for example. The wirelessaccess system 10 may include a sensing device 26 for example, anaccelerometer to track door openings, for example. Based upon theaccelerometer, data may be provided through the application or via theInternet or other network, for example. The sensing device 26 may beanother type of device, for example, a touch sensor.

In one advantageous security feature, when the door is opened, or anattempt is made to open the door, which may be detected by theaccelerometer 26 or other door opening determining methods, as will beappreciated by those skilled in the art, known, and even previouslyrevoked, remote access devices 15 in range and/or discoverable devices,may be recorded along with a time stamp. This may capture anunauthorized user, for example.

Another advantageous feature of the wireless access system 10 may allowauthorized visits, for example. More particularly, an authorized visitmay be enabled by a 911 dispatcher or other authorized user to allowspecial or temporary access by the smart phone of a normallyunauthorized user, for example. The wireless access system 10 may keep alog/audit trail. Approval may be granted by trusted a friend or specialauthority, for example, emergency medical services, a fire department,or a police department.

The wireless access system 10 may also include a security featurewhereby when a threshold time has elapsed, the wireless access systemmay ignore a remote access device 15 in range. This advantageouslyreduces or may prevent unauthorized access that may occur from leaving aremote access device 15 that is authorized inside near the door. Atimeout function (via a timer, not shown) may additionally be used inother undesired entry scenarios. The wireless access system 10 may alsolog all rejected pairing attempts, as will be appreciated by thoseskilled in the art.

The wireless access system 10 may also include a revocable key securityfeature. For example, the wireless access system 10 may include bothrevocable and non-revocable keys. If, for example, the wireless accesssystem 10 is unable to access the server 34 to verify keys, for example,the wireless access system may force the application 17 on the remoteaccess device 15, for example, to check the servers. If the wirelessaccess system 10 is unable to connect or verify the keys, access isdenied.

For example, the revocable key feature may be particularly advantageousto keep an old boyfriend, for example, who is aware that his key isbeing revoked from being able to turn off his remote access device 15 sothat the key is not deleted. However, a wireless connection for theremote access device 15 may be a prerequisite to access in someinstances.

As will be appreciated by those skilled in the art, the wireless accesssystem 10 has the ability to transfer a key from one remote accessdevice 15 to another with the remote access application 17, for example.It may be desired that these keys be revocable in some configurations.However, if the remote access device 15 with the key to be revoked isnot accessible via the network 27, then revocation may not be guaranteedif the lock 11 is offline, for example. The wireless access system 10advantageously addresses these challenges.

In addition, to adding or removing access, it is contemplated,particularly where the remote access device is a cell phone, that a userdoes not retain a remote access device forever. They may be lost,stolen, or changed for an upgrade by way of example and the replacementdevice must be paired with the lock. Reference is now made to FIGS. 12a-12 d in which an embodiment of the invention for changing the remoteaccess device of a particular user is provided. In a step 404, at thevery beginning of the initialization for a new user of the system; tojoin a phone remote access device 15 by way of non-limiting example, tothe system, an account is created on server 34, either a local serversuch as the processor discussed above, or in the preferred non-limitingembodiments, remote access server 34. An account ID and at least a username and password are stored at server 34 in a step 404. Server 34 alsostores phone identification information such as a bluetooth address ascommunicated by the phone, a phone number and any other phoneidentification information such as SIM card information, or the like ina step 406.

In a step 408, the user initiates the local access control system 15 asdiscussed above by communicating with either the controller ofhome-connect plugin 30 or lock 11. As discussed above in step 410, theremote access device 15 may receive its access control information or“key” as transferred from another remote access control device 15. In astep 411, the remote access device 15 sends the paired lock informationto server 34 so that server 34 now maps to this particular account, thephone identifier, the bluetooth information, and the lock information.The server, either local server 34 or a remote server communicatingacross the internet, stores the access control system identificationinformation, the pairing of the pass key, the (“K”) code and the like,which matches the remote access device 15 to the remote access controlsystem, and the types of control and operation. The system then operatesas discussed above.

However, as often occurs as in a step 412, the remote access device(particularly a phone) is either lost, stolen or changed. However, eachphone has its own unique bluetooth address and other phoneidentification information, and therefore, in a preferred embodiment,each remote access device 15 has its own identifier recognizable by lock11 and home-connect plugin 30. System 10 requires an ability to equallyrecognize users with new remote access devices. Because the uniquebluetooth identifier of each remote access device 15 is used as part ofthe recognition and access algorithm in a preferred non-limitingembodiment as discussed above, a new remote access device 15 requiresrepairing with lock 11.

In step 414 a new remote access device 15, a phone in this non-limitingexemplary embodiment, having its own phone identification informationsuch as a bluetooth address is obtained. Utilizing the phone, the userenters account login information to server 34 in a step 416. Server 34utilizes the login information to determine that the new phone bluetoothaddress and phone identification is for an existing account, as thephone number travels with the communication in a step 418. Server 34sends a message to the phone asking whether it is in fact a new phone inthe step 420 and the user confirms the status of the new phone.

In a step 424, server 34 associates the new phone bluetooth address withthe existing account and archives the old bluetooth address on server 34At the same time, or immediately before or immediately after, in a step426, server 34 revokes the old phone credentials (phone ID information,bluetooth address) from the account. Server 34 stores the new remoteaccess device information associated with the existing account.

It is then determined in a step 430 whether or not the local lock systemfor that particular user is WiFi enabled. If yes, then in a step 432 thenew credentials are sent to the local controllers 21, 16 over a WiFinetwork or other local communication network as the new credentials arepaired with the lock 11, the process is ended in a step 450.

If the system is not WiFi enabled, then in a step 434 server 34 sendsthe unique identifiers of the old remote access device 15 to the newremote access device to be temporarily stored thereon. In a step 436 itis determined whether or not the remote access device 15 in the form ofthe phone is within local area connection range, i.e. within range tocommunicate with either one of controller 32 of the home-connect plugin30 and/or controller 21 of lock 11. Step 436 is repeated until remoteaccess device 15 is within range. Once within range, the user triggersthe access control system to enter a pairing mode in a step 438 so thatin this way, the lock 11 recognizes a local access device 15 and theuser. Even though, it is not equipped to communicate with server 34,because of the use of the old phone identifying information, it knows itis communicating with a trusted remote access device 15. The phone(remote access device 15) pairs with the access control system in a step440 and the phone transfers the old bluetooth address credentials toeither control lock 16 or controller 21. In a step 442, system 10updates the bluetooth address stored at lock 11 and home-connect plugin30 with the new phone bluetooth address and phone identifier informationand archives the old bluetooth address in a step 442.

In a step 444, it is confirmed whether the new phone is already in thesystem. If it is in the system, then the process ends in a step 460. Ifit is not in the system, then the processor 34 clears the new bluetoothaddress associated with another user so in step 446 that when the userlogs in with their new bluetooth address the current remote accessdevice information is stored in a step 448, in effect phone swapping.The process is then ended in a step 470.

For the purpose of enrolling an administrator, the first user, or otherusers, the system can utilize a tap proximity method as an alternativeto a PIN or password. In the case of a newly installed system, thesystem may be vulnerable to unauthorized enrollment. It becomesconvenient and secure to require the user to simply tap their device 15,that they wish to enroll, to the wall plugin unit 30 or the inside ofthe lock 11, to prevent outside unwanted users from enrolling in thesystem.

A proximity detection feature may be included in the wireless accesssystem 10, and more particularly, the remote access device 15 may use amagnetic field sensor 39, such as, for example, a compass in mobilewireless communications device, as a proximity sensor to obtain a moreuniform approach/departure distance calibration. A magnetic pulse orpulse sequence may be used in the lock 11 to illuminate a magnetic fluxsensor in the remote access device 15 to establish proximity.

Additionally, the remote device 15, for example, a mobile wirelesscommunications device or mobile telephone, may be qualified using bothradio frequency (RF) and audio, for example. The remote access device 15may be a source or sink of audio to help qualify proximity.

In another embodiment, as an alternative to a human driven lock, asnoted above, a turn-tab (not shown) may be included that will “flip out”of the front of the lock 11 when pressed to allow the user to turn thelock on an un-powered deadbolt 14. It may be desirable that the surfacearea be no larger than a standard key, for example. The user pushes theturn-tab back into the lock face when done. The turn-tab mayalternatively be spring loaded, for example.

In another embodiment, the turn-tab (not shown) may be added to apowered lock, for example the lock 11 described above. This is may beuseful to help force ‘sticky’ locks, for example, as will be appreciatedby those skilled in the art. This may also allow the user to give amanual assist to the motor in case of a strike/deadbolt 14 misalignment.This may also allow for operation in a low battery situation, forexample. The turn-tab may be particularly useful in other situations.

Additionally, one of the deadbolts may have a traditional key backup asit may be needed for emergencies, for example, while the remainingdeadbolts on a house may be keyless. This may eliminate the need tomatch physical keys on multiple deadbolts, and may reduce the cost foradditional deadbolts.

The wireless access system 10 may also include an additional accessfeature. For example, with the home-connect plugin 30 connected to theInternet through server 34 and/or personal computer 25, for example, itmay be possible to have the lock 11 unlock via a command from thewireless access system. In other words, the lock 11 could be opened forusers who don't have a remote access device 15. More particularly, theycould call a call center or service that could unlock the lock 11 viathe Internet 27, for example, or via other wireless communicationsprotocol. Also, an authorized user could provide this action as well.Additionally, fire/police could gain access by this method if the lockowner opts-in to this service. As will be appreciated by those skilledin the art, alternatively, a command could be sent from the remoteaccess device 15.

The wireless access system 10 may also include an activation indication.For example, the remote access device 15 can signal the operator via anauditory tone, vibration or other indication when the lock is activated.This may help communicate actions to the user to reduce any confusion.

The wireless access system 10 may also include an additional securityfeature. For example, the wireless access system 10 may use anadditional authentication channel, for example, via a WLAN, WiFi, orother communication protocol, either wired or wireless, with the remoteaccess device 15. This may improve authentication and make spoofingconsiderably more difficult, as will be appreciated by those skilled inthe art.

As another security feature of the wireless access system 10, if cellservice and data service, for example, if the remote access device 15 isa mobile phone, are turned off, remote access application may considerthis a threat related to key revocation and authentication may not beapproved. Also, the lock 11 may include a radar device, or a radardevice may be coupled adjacent the lock to detect the locations of theentrant by facing outward in its sweep to resolve inside/outsideambiguity, for example. If the radar does not detect an entrant, then bydefault the holder of the remote access device is inside and the lock isnot activated. The radar may be enabled when the lock 11 is woken up bythe home-connect plugin 30 to conserve power.

Reference is now made to FIGS. 5, 7 and 13 in which an embodiment of theinvention having a lock 11 which includes an interior facing directionalantenna 50 and a an external facing directional antenna 52(schematically shown). Each is operatively coupled to wirelesscommunication circuitry 22 to send signals to, and listen for signalsfrom, remote access device 15. If interior facing directional antenna 50communicates with remote access device 15, lock 11 and in turn system 10determine that remote access device is inside the home, dwelling orstructure. If exterior facing directional antenna 52 communicates withremote access device 15, system 10 determines that remote access device52 is outside of the dwelling and operates as discussed above.Home-connect plugin 30 compares the signals from interior facingdirectional antenna 50 and exterior facing directional antenna 52 toconfirm the location of remote access device 12 prior to enabling remoteaccess device 15 to control lock 11. This prevents the door fromunlocking each time someone within the structure passes by the lock.

During operation, as user 70 approaches lock 11, external antenna 50communicates with remote access device 15 and its signal to determine anexternal RSSI in accordance with a step 500. As user engages lock 11 oran associated door knob, sensor 26 detects whether or not lock (or knob300) has been touched in a step 502. If not, then step 500 is repeatedand the external antenna RSSI is monitored.

If the lock 11 has been touched, then controller 21 at lock 11 switchesthe operation antenna to the use of an internal antenna 52 to broadcastto home-connect plugin 30 and determines a predetermined number ofconsecutive RSSI values. In a step 506 it is determined whether theoutside RSSI is greater than the inside RSSI. If it is, then the systemdetermines that the authorized user is outside the dwelling and lock 11operates to either locked or unlocked in a step 508. If the outside RSSIis determined to be less than the inside RSSI in step 506, then the user70 is inside of the dwelling and the process returns to step 500 wherethe outwardly facing antenna is utilized. This is important as the userwould not want the system to be controlled from the outside by theiraccess device 15 if they are on the inside. In other words, this use ofboth the interior and the exterior facing antennae, prevents the systemfrom being fooled i.e., being unlocked by an unauthorized user on theoutside if the authorized remote access device 15 is near the door onthe inside.

In another embodiment, lock 11 may make use of sensor 26 to allow usersnot authorized to lock the passive key entry system 10, such as houseguests, a service worker, or the like, which may receive permission toenter, but had been asked to lock the door as they leave. In oneembodiment, the guest, service worker, or the like simply touches thelock 11 for an extended period of time greater than an inadvertentbrushing of the lock so that sensor 26 confirms the lock has beentouched at the exterior of the lock in the absence of an authorizedremote access device 15. When this combination is determined to bepresent by the controller the door locks. In another embodiment,multiple touches to sensor 26 embedded within lock 11 may cause, in theabsence of an authorized remote access control device, locking of thedoor.

A variation on this process can be utilized to remind the user they haveforgotten their authorized remote access device 15. Controllers 21, 32may be programmed to recognize that upon recognition of a remote accessdevice, a single touch at sensing device 26 allows control to the userto either lock or unlock lock 11. If the user touches the lock 11 asingle time and locking does not occur, this can act as a reminder thatthey have forgotten the remote access device. Furthermore, controller 21could control the visual display 216 and the like to indicate the openor locked condition to user 70 so that they may recognize that the lockis not acting in accordance with expectations because of the absence ofthe remote access device 15.

A mechanical or zero/low-power tilt sensor may be configured to detectbreak-in events, for example to the lock 11 eased upon a detectedbreak-in, the lock 11 activate and thereafter communicate tohome-connect plugin 30 to report an intruder alert. The lock 11 may alsostore information, in a memory, for example, if home-connect plugin isoff-line.

Radar or other motion detector device (not shown) may also be added tothe home-connect plugin 30 to assist with inside/outside determinationand break-in monitoring. The radar or other motion detector may be usedin conjunction with an alarm system, as will be appreciated by thoseskilled in the art.

Indeed, while the different components of the wireless access system 10have been described with respect to a wireless protocol, it will beappreciated by those skilled in the art that the components maycommunicate via a wired network and protocols or a combination of wiredand wireless networks. Additionally, while Bluetooth and WLAN (i.e.WiFi) has been described herein as wireless protocols of particularmerit, other wireless protocols may be used, for example, Zywave,ZigBee, near field communication (NFC), and other wireless protocols.

Many modifications and other embodiments of the invention will come tothe mind of one skilled in the art having the benefit of the teachingspresented in the foregoing descriptions and the associated drawings.Therefore, it is understood that the invention is not to be limited tothe specific embodiments disclosed, and that modifications andembodiments are intended to be included within the invention.

1-12. (canceled)
 13. A method for transferring remote access to a lock from a remote access device comprising the steps: creating an account by storing on a remote server, user identification information, and remote access device identification information associated with a first local access device; accessing the server with a second remote access device utilizing the user identification information; the server determining that the second remote access device is not the first remote access device; transmitting the remote access device identification information associated with the second remote access device to the server; the server storing the remote access device identification information associated with the second remote access device with the user information; and the server transmitting the remote access device identification information associated with the second remote access device to a controller for controlling a lock.
 14. The method of claim 13, further comprising the step of the server sending the remote access device identification information associated with the second remote access device and the remote access device identification information associated with the first remote access device to the second remote access device; the second remote access device transmitting the remote access device identification information associated with the first remote access device to the controller; the controller recognizing the user, receives remote access device identifying information associated with the second remote access device and stores the remote access device identification information of the second remote access device to allow the second remote access device to access the lock.
 15. The method of claim 13, wherein the remote access device is a cellular phone.
 16. The remote access device of claim 13, wherein the remote access device is a phone.
 17. The method of claim 13, wherein the remote access identification information is a bluetooth address.
 18. (canceled)
 19. (canceled) 